Connects Claude to Abnormal Security's threat detection platform via their REST API. You get tools to query detected threats, inspect individual messages with AI analysis breakdowns, trigger email remediation actions, review abuse mailbox reports, and manage security investigation cases. Uses a decision tree pattern where you call abnormal_navigate first to pick a domain (threats, messages, remediation, abuse, or cases), then access domain-specific operations. Supports both standalone mode with direct API token auth and gateway mode for hosted deployments. Reach for this when you need Claude to triage email security incidents, investigate phishing campaigns, or automate response workflows against Abnormal's threat intelligence.
claude mcp add --transport stdio wyre-technology-abnormal-mcp uvx abnormal-mcp